The catalog
Browse Reproductions
191 verified reproductions
Popular records
Top viewed reproduction records
Frequently opened evidence pages with direct links to runnable proof and permanent REPRO IDs.
REPRO-2026-00281 Apache Kafka SASL/OAUTHBEARER accepts unvalidated JWTs REPRO-2026-00222 SimpleHelp OIDC authentication accepts unsigned/forged ID tokens, enabling remote authentication bypass and possible MFA bypass in versions 5.5.15 and earlier and 6.0 prereleases prior to the fixed release. REPRO-2026-00259 iCagenda unauthenticated file upload RCE in public event submission form REPRO-2026-00275 Coolify terminal WebSocket endpoints lack proper authorization checks, allowing low-privileged members to access terminal functionality and achieve remote command execution on managed hosts. REPRO-2026-00223 phpBB authentication bypass/account hijacking via OAuth login-link flow with arbitrary auth_provider=apache REPRO-2026-00258 Cudy LT300 3.0 OS command injection
191 reproductions
REPRO-2026-00066 published
Skipper Lua Filter Arbitrary Code Execution
GHSA-cc8m-98fm-rc9g high Security go
github.com/zalando/skipper
9m 5s Jan 17, 2026
REPRO-2026-00065 published
node-tar Arbitrary File Overwrite via Hardlink Escape
GHSA-8qq5-rm4j-mr97 high Security npm
tar
6m 8s Jan 17, 2026
REPRO-2026-00064 published
node-tar Arbitrary File Overwrite via Hardlink Escape
GHSA-8qq5-rm4j-mr97 high Security npm
tar
6m 8s Jan 17, 2026
REPRO-2026-00063 published
deepdiff: Class Pollution RCE via Delta Tuple Path Bypass
CVE-2025-58367 critical Security pip
deepdiff
1m 7s Jan 13, 2026
REPRO-2026-00062 published
langgraph-checkpoint: Constructor Deserialization RCE in JsonPlusSerializer
CVE-2025-64439 high Security pip
langgraph-checkpoint
1m 7s Jan 12, 2026
REPRO-2026-00061 published
python-socketio: Pickle Deserialization RCE in PubSub Manager
CVE-2025-61765 medium Security pip
python-socketio
1m 5s Jan 12, 2026
REPRO-2026-00054 published
Craft CMS: Unauthenticated Database Backup Trigger
CVE-2025-68456 medium Security composer
craftcms/cms
36m 45s Jan 8, 2026
REPRO-2026-00052 published
ComfyUI-Manager: Configuration File Exposure via Web-Accessible Path
CVE-2025-67303 high Security pip
ComfyUI-Manager
11m 32s Jan 8, 2026
REPRO-2026-00045 published
BentoML RCE via Insecure Deserialization
CVE-2025-27520 critical Security pip
bentoml
16m 37s Jan 7, 2026
REPRO-2026-00044 published
jsPDF Local File Inclusion/Path Traversal in Node.js builds
CVE-2025-68428 critical Security npm
jspdf
8m 13s Jan 7, 2026
REPRO-2026-00001 published
Setuptools Path Traversal via PackageIndex.download
CVE-2025-47273 high Security pip
setuptools
14m 9s Jan 7, 2026